Savvius Insight

Remote networks rarely get the attention they should. Most network administrators do not know what’s happening on those remote networks: whether they are operating efficiently, whether there are issues, and whether the security posture is where it should be. It’s important to get this visibility and insight easily, without spending extra resources gathering the information. This is where the Savvius Insight plays a big role.

Network Visibility

Do you know what happens on the networks of your remote sites? Being disconnected leaves vulnerabilities open. The Savvius Insight provides a simple way to monitor remote networks and gain insight into what’s happening. The Insight collects data as it traverses the network and creates a baseline of activity.

Dashboards are automatically created for the network administrator. Things such as data flows, network protocols, and Expert Trends are readily available.

With the ability to select a timeframe, the network administrator can get a general overview of how the network is performing. With data such as average utilization, max utilization, and average response time, a network administrator can make a decision based on this information. An example would be monitoring bandwidth utilization, depending on where the Savvius Insight is installed on the network.

Network Overview

Remote networks are often troubled with bandwidth constraints, which makes the Insight appliance a good fit for the job. Utilization is already graphed and correlated by time, so the issue can be determined quickly.

Event graphs

Troubleshooting

While bandwidth utilization is a common troubleshooting task, how about other issues? Another type of issue tracked by Savvius Insight is VoIP calls. Call metrics such as MOS scores are tracked and documented over time. Call duration is also trended in case unexpectedly high usage bills are suspected.

The types of codec used during calls, and how often they are used, are also graphed over time. There may be a call quality issue that needs troubleshooting, and determining the type of codec being used can be helpful.

Monitoring VoIP calls with Savvius Insight

Security is at the top of every business’s mind. The Insight appliance can be used to track abnormal network activity. A network administrator should know what type of traffic is on the network. With the appliance installed in-line with your ISP, application categories can be tracked in a table.

The name of each application and its category are tracked along with a productivity score and risk. If the majority of network bandwidth is being used by something that is not a business application, then there is a productivity issue in the remote office.

Or maybe there’s an infected host transferring malware, or a host that has been compromised to host malicious activity. The Insight appliance can help trend this type of traffic and display it in an easy-to-read table.

Top applications on the network

It’s important to keep an eye on the type of protocols running in remote offices to ensure security is not compromised. The most common protocol is HTTPS. Any other protocol, unused in the business environment, should raise a red flag.

If a large number of unknown protocols are being used during off-business hours, then further investigation is needed. A default graph and table bring this to attention without needing to read through large, unreadable capture files.

Top protocols on the network

Top nodes on the network

Keeping an eye on destination networks is another way of identifying questionable traffic and potential security risks. If countries that the business has no dealings with show up as destinations in the utilization tables, then there may be a security breach, or at least a reason to investigate why.

Security experts have warned about attacks coming from state-sponsored organizations. Those countries can be tracked with the default Utilization Map. Keep an eye out for countries where no work or connectivity should be occurring. Things to look out for are large numbers of login attempts coming from an unknown country or large amounts of traffic being sent or received.

Geographic utilization map

There is a table providing a list of countries sorted by the amount of bytes and packets sent and received.

Top countries by bytes sent/received
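The two checks described above (unexpected protocols outside business hours, and traffic volume to countries the business does not deal with) can be expressed over exported flow records. This is an added example, not Savvius code: the record layout, business hours, allowlists, byte threshold and sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values (not from the original page); tune per site.
BUSINESS_HOURS = range(8, 18)             # 08:00-17:59, Monday to Friday
EXPECTED_PROTOCOLS = {"HTTPS", "DNS", "NTP"}
EXPECTED_COUNTRIES = {"US", "CA"}
COUNTRY_BYTES_THRESHOLD = 1_000_000       # flag unexpected countries above this

# Constructed sample flows: (timestamp, source host, protocol, dest country, bytes).
# "ZZ" is a placeholder country code, not a real destination.
FLOWS = [
    ("2024-03-04T10:15:00", "10.1.0.21", "HTTPS", "US", 420_000),
    ("2024-03-04T11:02:00", "10.1.0.34", "DNS", "US", 3_100),
    ("2024-03-05T02:41:00", "10.1.0.57", "UNKNOWN", "US", 88_000),
    ("2024-03-05T02:47:00", "10.1.0.57", "UNKNOWN", "ZZ", 2_400_000),
    ("2024-03-05T14:30:00", "10.1.0.21", "HTTPS", "ZZ", 12_000),
    ("2024-03-05T15:00:00", "10.1.0.34", "SSH", "CA", 9_000),
    ("2024-03-09T11:00:00", "10.1.0.88", "SMB", "US", 50_000),  # a Saturday
]

def is_off_hours(ts):
    """True for weekends and for weekday times outside BUSINESS_HOURS."""
    t = datetime.fromisoformat(ts)
    return t.weekday() >= 5 or t.hour not in BUSINESS_HOURS

def review_flows(flows):
    """Return (off_hours_hosts, unexpected_protocols, flagged_countries).

    off_hours_hosts: bytes of unexpected-protocol traffic per host, off-hours.
    unexpected_protocols: bytes per protocol outside the allowlist, any time.
    flagged_countries: unexpected countries whose total meets the threshold.
    """
    off_hours, unexpected, by_country = (defaultdict(int) for _ in range(3))
    for ts, src, proto, country, nbytes in flows:
        if proto not in EXPECTED_PROTOCOLS:
            unexpected[proto] += nbytes
            if is_off_hours(ts):
                off_hours[src] += nbytes
        if country not in EXPECTED_COUNTRIES:
            by_country[country] += nbytes
    flagged = {c: b for c, b in by_country.items()
               if b >= COUNTRY_BYTES_THRESHOLD}
    return dict(off_hours), dict(unexpected), flagged

if __name__ == "__main__":
    for label, result in zip(("off-hours hosts", "unexpected protocols",
                              "flagged countries"), review_flows(FLOWS)):
        print(label, result)
```

The SSH flow is reported as an unexpected protocol but not as off-hours activity, while the Saturday SMB flow counts as off-hours even though it occurs at 11:00.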

Platform

The Savvius Insight is a small form factor appliance designed for remote networks. Installed on the appliance is the ELK stack. It takes advantage of the open source projects Kibana, Elasticsearch, and Logstash.

The appliance is easy to deploy and takes just a matter of minutes to set up. It requires little systems administration and is used to ingest data from multiple sources simultaneously.

The built-in dashboards provide dynamic visualizations with charts and graphs.

It’s a powerful application with flexible visualization tools that allow you to create custom visualizations and tables from the data already being collected.

Conclusion

For thin IT teams managing multiple remote networks, the Savvius Insight is a perfect solution with minimal overhead. It provides a network administrator with visibility into networks where there previously was none. The ELK stack is used for long-term network visibility, to provide as much insight as possible from collected events.